German Patent Application No. DE 10 2009 002 396 A1 describes a method for protecting data transmissions in a vehicle from manipulation with the aid of a message authentication code.
Messages which are transmitted in vehicles, for example, via a controller area network or FlexRay databus, are provided with a checksum, for example, for a cyclic redundancy check. Safety-critical messages are checked on the receiver side using this checksum.
The checksum may also be supplemented or replaced by the message authentication code.
The check is carried out with the aid of software and/or hardware specifically adapted for this purpose.
To prevent manipulations, the software and/or hardware may be developed according to the so-called principle of least privilege. Accordingly, each module, i.e., each processor or each program within the overall system, has access only to the information or resources necessary for fulfilling its particular purpose.
If a special hardware module is used for checking the message authentication code, the principle of least privilege may be violated in that the special hardware module may also be used for generating a message authentication code. This makes it possible for a compromised recipient of a message to also send a falsified message having a valid message authentication code in the name of the original sender.
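The violation described above, as an added example that is not part of the patent application: a toy Python model of a MAC module whose key slot either permits both generation and verification or is restricted to verification. HMAC-SHA-256 truncated to 8 bytes stands in for whatever message authentication code the bus uses; the class, the function names, the key and the message identifier are assumptions constructed for illustration.

```python
import hashlib
import hmac

SHARED_KEY = bytes(range(16))   # constructed sample key, provisioned into every module
SENDER_ID = 0x123               # constructed message identifier of the original sender


class MacModule:
    """Toy model of a hardware MAC module; host software never reads the key."""

    def __init__(self, key: bytes, allow_generate: bool):
        self.__key = key
        self._allow_generate = allow_generate   # usage flag of the key slot

    def _tag(self, sender_id: int, payload: bytes) -> bytes:
        msg = sender_id.to_bytes(2, "big") + payload
        return hmac.new(self.__key, msg, hashlib.sha256).digest()[:8]

    def generate(self, sender_id: int, payload: bytes) -> bytes:
        # Least privilege: a receiver's slot must refuse to hand out tags.
        if not self._allow_generate:
            raise PermissionError("key slot is verify-only")
        return self._tag(sender_id, payload)

    def verify(self, sender_id: int, payload: bytes, tag: bytes) -> bool:
        # The tag is recomputed inside the module; only the verdict leaves it.
        return hmac.compare_digest(self._tag(sender_id, payload), tag)


def forgery_possible(receiver: MacModule, peer: MacModule) -> bool:
    """True if software on `receiver` can obtain a tag that `peer` accepts
    for a payload the original sender never transmitted."""
    falsified = b"\x00\xff\x00\xff"   # constructed payload
    try:
        tag = receiver.generate(SENDER_ID, falsified)
    except PermissionError:
        return False
    return peer.verify(SENDER_ID, falsified, tag)


if __name__ == "__main__":
    peer = MacModule(SHARED_KEY, allow_generate=False)
    unrestricted = MacModule(SHARED_KEY, allow_generate=True)
    verify_only = MacModule(SHARED_KEY, allow_generate=False)
    print("unrestricted receiver module:", forgery_possible(unrestricted, peer))
    print("verify-only receiver module: ", forgery_possible(verify_only, peer))
```

Because the MAC is symmetric, the verify-only module still holds the full key; the restriction holds only as long as the module itself enforces the usage flag and never returns the computed tag.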